@azure/msal-browser 5.16.0 → 5.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/IPublicClientApplication.mjs.map +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AccountManager.mjs.map +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs.map +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/CookieStorage.mjs.map +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs.map +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs.map +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs.map +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs.map +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.mjs +2 -2
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs.map +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs.map +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs.map +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs.map +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs.map +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs.map +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs.map +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs.map +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs.map +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs.map +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs.map +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs.map +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs.map +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs.map +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs.map +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs.map +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs.map +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +3 -2
- package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs.map +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventHandler.mjs.map +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventMessage.mjs.map +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/event/EventType.mjs.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +77 -10
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +7 -3
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +2 -2
- package/dist/naa/BridgeProxy.mjs.map +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs.map +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/network/FetchClient.mjs.map +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/popup_relay/constants.mjs +21 -0
- package/dist/popup_relay/constants.mjs.map +1 -0
- package/dist/popup_relay/index.mjs +163 -0
- package/dist/popup_relay/index.mjs.map +1 -0
- package/dist/popup_relay/relayClient.mjs +114 -0
- package/dist/popup_relay/relayClient.mjs.map +1 -0
- package/dist/protocol/Authorize.mjs +42 -24
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/RequestHelpers.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs.map +1 -1
- package/dist/utils/BrowserUtils.mjs +2 -2
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/Helpers.mjs.map +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +7 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +5973 -5767
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +5973 -5767
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +7 -3
- package/lib/msal-browser.cjs +6814 -6605
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +6814 -6605
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/popup-relay/msal-popup-relay.cjs +278 -0
- package/lib/popup-relay/msal-popup-relay.cjs.map +1 -0
- package/lib/popup-relay/msal-popup-relay.js +284 -0
- package/lib/popup-relay/msal-popup-relay.js.map +1 -0
- package/lib/popup-relay/msal-popup-relay.min.js +2 -0
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +39 -39
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +39 -39
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +14 -3
- package/scripts/README.md +112 -0
- package/scripts/decode-logs.cjs +822 -0
- package/src/config/Configuration.ts +18 -0
- package/src/error/BrowserAuthErrorCodes.ts +1 -0
- package/src/interaction_client/PopupClient.ts +137 -23
- package/src/packageMetadata.ts +1 -1
- package/src/popup_relay/constants.ts +17 -0
- package/src/popup_relay/index.ts +221 -0
- package/src/popup_relay/relayClient.ts +178 -0
- package/src/protocol/Authorize.ts +76 -27
- package/types/config/Configuration.d.ts +16 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/error/BrowserAuthErrorCodes.d.ts +1 -0
- package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +13 -0
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/popup_relay/constants.d.ts +13 -0
- package/types/popup_relay/constants.d.ts.map +1 -0
- package/types/popup_relay/index.d.cts +1 -0
- package/types/popup_relay/index.d.ts +42 -0
- package/types/popup_relay/index.d.ts.map +1 -0
- package/types/popup_relay/relayClient.d.ts +43 -0
- package/types/popup_relay/relayClient.d.ts.map +1 -0
- package/types/protocol/Authorize.d.ts +25 -0
- package/types/protocol/Authorize.d.ts.map +1 -1
|
@@ -67,6 +67,23 @@ export type BrowserAuthOptions = {
|
|
|
67
67
|
*/
|
|
68
68
|
postLogoutRedirectUri?: string | null;
|
|
69
69
|
|
|
70
|
+
/**
|
|
71
|
+
* URI of a first-party, top-level "popup-relay" page used to acquire tokens
|
|
72
|
+
* interactively from inside a cross-origin iframe that an untrusted host has
|
|
73
|
+
* embedded (where third-party storage partitioning and COOP break the normal
|
|
74
|
+
* popup flow). When set, `acquireTokenPopup` opens this page top-level
|
|
75
|
+
* instead of navigating the popup straight to the IdP, and the page must call
|
|
76
|
+
* `runPopupRelay()`. Resolved relative to the app origin, so it must be
|
|
77
|
+
* same-origin as the embedded frame.
|
|
78
|
+
*
|
|
79
|
+
* This is a browser SPA-only mechanism (`PublicClientApplication` in
|
|
80
|
+
* `@azure/msal-browser`): it brokers the standard interactive popup
|
|
81
|
+
* auth-code flow through a same-origin page. It does not apply to native
|
|
82
|
+
* app, platform broker (WAM), Nested App Auth, or confidential-client /
|
|
83
|
+
* server-side scenarios.
|
|
84
|
+
*/
|
|
85
|
+
popupRelayUri?: string;
|
|
86
|
+
|
|
70
87
|
/**
|
|
71
88
|
* Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
|
|
72
89
|
*/
|
|
@@ -271,6 +288,7 @@ export function buildConfiguration(
|
|
|
271
288
|
? window.location.href.split("?")[0].split("#")[0]
|
|
272
289
|
: "",
|
|
273
290
|
postLogoutRedirectUri: "",
|
|
291
|
+
popupRelayUri: "",
|
|
274
292
|
clientCapabilities: [],
|
|
275
293
|
OIDCOptions: {
|
|
276
294
|
responseMode: Constants.ResponseMode.FRAGMENT,
|
|
@@ -24,6 +24,7 @@ export const redirectBridgeEmptyResponse = "redirect_bridge_empty_response";
|
|
|
24
24
|
export const redirectInIframe = "redirect_in_iframe";
|
|
25
25
|
export const blockIframeReload = "block_iframe_reload";
|
|
26
26
|
export const blockNestedPopups = "block_nested_popups";
|
|
27
|
+
export const popupRelayUnsupportedFlow = "popup_relay_unsupported_flow";
|
|
27
28
|
export const iframeClosedPrematurely = "iframe_closed_prematurely";
|
|
28
29
|
export const silentLogoutUnsupported = "silent_logout_unsupported";
|
|
29
30
|
export const noAccountError = "no_account_error";
|
|
@@ -19,6 +19,7 @@ import {
|
|
|
19
19
|
PkceCodes,
|
|
20
20
|
CommonAuthorizationUrlRequest,
|
|
21
21
|
ProtocolUtils,
|
|
22
|
+
Authority,
|
|
22
23
|
} from "@azure/msal-common/browser";
|
|
23
24
|
import {
|
|
24
25
|
initializeAuthorizationRequest,
|
|
@@ -34,6 +35,8 @@ import {
|
|
|
34
35
|
import { EndSessionPopupRequest } from "../request/EndSessionPopupRequest.js";
|
|
35
36
|
import { NavigationOptions } from "../navigation/NavigationOptions.js";
|
|
36
37
|
import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
38
|
+
import * as PopupRelay from "../popup_relay/relayClient.js";
|
|
39
|
+
import { base64Decode } from "../encode/Base64Decode.js";
|
|
37
40
|
import { PopupRequest } from "../request/PopupRequest.js";
|
|
38
41
|
import {
|
|
39
42
|
createBrowserAuthError,
|
|
@@ -375,9 +378,26 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
375
378
|
this.performanceClient
|
|
376
379
|
);
|
|
377
380
|
|
|
381
|
+
/*
|
|
382
|
+
* When a popup-relay page is configured, open it top-level
|
|
383
|
+
* (same first-party origin) instead of navigating the popup
|
|
384
|
+
* straight to the IdP, and carry the /authorize URL in its hash.
|
|
385
|
+
* The relay page opens the IdP child popup and relays the
|
|
386
|
+
* response back via postMessage (see waitForPopupResponse).
|
|
387
|
+
*/
|
|
388
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
389
|
+
const popupNavigateUrl = popupRelayUri
|
|
390
|
+
? PopupRelay.buildPopupRelayUrl(
|
|
391
|
+
popupRelayUri,
|
|
392
|
+
this.getRelayStateId(request.state, correlationId),
|
|
393
|
+
{ method: "GET", url: navigateUrl },
|
|
394
|
+
correlationId
|
|
395
|
+
)
|
|
396
|
+
: navigateUrl;
|
|
397
|
+
|
|
378
398
|
// Show the UI once the url has been created. Get the window handle for the popup.
|
|
379
399
|
const popupWindow: Window = this.initiateAuthRequest(
|
|
380
|
-
|
|
400
|
+
popupNavigateUrl,
|
|
381
401
|
popupParams
|
|
382
402
|
);
|
|
383
403
|
this.eventHandler.emitEvent(
|
|
@@ -497,18 +517,13 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
497
517
|
earJwk: earJwk,
|
|
498
518
|
codeChallenge: pkce.challenge,
|
|
499
519
|
};
|
|
500
|
-
const popupWindow =
|
|
501
|
-
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
502
|
-
|
|
503
|
-
const form = await Authorize.getEARForm(
|
|
504
|
-
popupWindow.document,
|
|
505
|
-
this.config,
|
|
506
|
-
discoveredAuthority,
|
|
520
|
+
const popupWindow = await this.openPostFormPopup(
|
|
507
521
|
popupRequest,
|
|
508
|
-
|
|
509
|
-
|
|
522
|
+
discoveredAuthority,
|
|
523
|
+
popupParams,
|
|
524
|
+
correlationId,
|
|
525
|
+
true
|
|
510
526
|
);
|
|
511
|
-
form.submit();
|
|
512
527
|
|
|
513
528
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
514
529
|
const responseString = await invokeAsync(
|
|
@@ -621,20 +636,14 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
621
636
|
this.logger
|
|
622
637
|
);
|
|
623
638
|
|
|
624
|
-
const popupWindow =
|
|
625
|
-
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
626
|
-
|
|
627
|
-
const form = await Authorize.getCodeForm(
|
|
628
|
-
popupWindow.document,
|
|
629
|
-
this.config,
|
|
630
|
-
discoveredAuthority,
|
|
639
|
+
const popupWindow = await this.openPostFormPopup(
|
|
631
640
|
request,
|
|
632
|
-
|
|
633
|
-
|
|
641
|
+
discoveredAuthority,
|
|
642
|
+
popupParams,
|
|
643
|
+
correlationId,
|
|
644
|
+
false
|
|
634
645
|
);
|
|
635
646
|
|
|
636
|
-
form.submit();
|
|
637
|
-
|
|
638
647
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
639
648
|
const responseString = await invokeAsync(
|
|
640
649
|
this.waitForPopupResponse.bind(this),
|
|
@@ -794,8 +803,30 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
794
803
|
validRequest
|
|
795
804
|
);
|
|
796
805
|
|
|
806
|
+
/*
|
|
807
|
+
* When a popup-relay page is configured, open it top-level (same
|
|
808
|
+
* first-party origin) and carry the end-session URL in its hash,
|
|
809
|
+
* exactly like the login flow. The relay page opens the IdP child
|
|
810
|
+
* popup and the post-logout redirect page (running the redirect
|
|
811
|
+
* bridge) relays completion back via postMessage — so logout works
|
|
812
|
+
* from an embedded, cross-origin iframe where a direct popup to the
|
|
813
|
+
* IdP cannot. See runPopupRelay / waitForPopupResponse.
|
|
814
|
+
*/
|
|
815
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
816
|
+
const popupNavigateUrl = popupRelayUri
|
|
817
|
+
? PopupRelay.buildPopupRelayUrl(
|
|
818
|
+
popupRelayUri,
|
|
819
|
+
this.getRelayStateId(
|
|
820
|
+
validRequest.state || "",
|
|
821
|
+
this.correlationId
|
|
822
|
+
),
|
|
823
|
+
{ method: "GET", url: logoutUri },
|
|
824
|
+
this.correlationId
|
|
825
|
+
)
|
|
826
|
+
: logoutUri;
|
|
827
|
+
|
|
797
828
|
// Open the popup window to requestUrl.
|
|
798
|
-
const popupWindow = this.openPopup(
|
|
829
|
+
const popupWindow = this.openPopup(popupNavigateUrl, popupParams);
|
|
799
830
|
this.eventHandler.emitEvent(
|
|
800
831
|
EventType.POPUP_OPENED,
|
|
801
832
|
validRequest.correlationId,
|
|
@@ -1074,11 +1105,94 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
1074
1105
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
1075
1106
|
}
|
|
1076
1107
|
|
|
1108
|
+
/**
|
|
1109
|
+
* Decodes the per-request library-state id from the encoded request state.
|
|
1110
|
+
*/
|
|
1111
|
+
private getRelayStateId(state: string, correlationId: string): string {
|
|
1112
|
+
return ProtocolUtils.parseRequestState(
|
|
1113
|
+
base64Decode,
|
|
1114
|
+
state,
|
|
1115
|
+
correlationId
|
|
1116
|
+
).libraryState.id;
|
|
1117
|
+
}
|
|
1118
|
+
|
|
1119
|
+
/**
|
|
1120
|
+
* Opens the interactive popup for a POST-form /authorize request. Shared by
|
|
1121
|
+
* the auth-code POST and EAR flows, which are identical apart from the form
|
|
1122
|
+
* builder (`isEAR` selects the EAR vs auth-code builders). When a
|
|
1123
|
+
* popup-relay page is configured the form is carried to the relay page
|
|
1124
|
+
* (which opens the IdP child popup); otherwise the form is submitted
|
|
1125
|
+
* directly into the popup.
|
|
1126
|
+
*/
|
|
1127
|
+
private async openPostFormPopup(
|
|
1128
|
+
request: CommonAuthorizationUrlRequest,
|
|
1129
|
+
discoveredAuthority: Authority,
|
|
1130
|
+
popupParams: PopupParams,
|
|
1131
|
+
correlationId: string,
|
|
1132
|
+
isEAR: boolean
|
|
1133
|
+
): Promise<Window> {
|
|
1134
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
1135
|
+
if (popupRelayUri) {
|
|
1136
|
+
const getFormData = isEAR
|
|
1137
|
+
? Authorize.getEARFormData
|
|
1138
|
+
: Authorize.getCodeFormData;
|
|
1139
|
+
const formData = await getFormData(
|
|
1140
|
+
this.config,
|
|
1141
|
+
discoveredAuthority,
|
|
1142
|
+
request,
|
|
1143
|
+
this.logger,
|
|
1144
|
+
this.performanceClient
|
|
1145
|
+
);
|
|
1146
|
+
const relayUrl = PopupRelay.buildPopupRelayUrl(
|
|
1147
|
+
popupRelayUri,
|
|
1148
|
+
this.getRelayStateId(request.state, correlationId),
|
|
1149
|
+
{
|
|
1150
|
+
method: "POST",
|
|
1151
|
+
action: formData.action,
|
|
1152
|
+
fields: formData.fields,
|
|
1153
|
+
},
|
|
1154
|
+
correlationId
|
|
1155
|
+
);
|
|
1156
|
+
return this.initiateAuthRequest(relayUrl, popupParams);
|
|
1157
|
+
}
|
|
1158
|
+
|
|
1159
|
+
const popupWindow =
|
|
1160
|
+
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
1161
|
+
const getForm = isEAR ? Authorize.getEARForm : Authorize.getCodeForm;
|
|
1162
|
+
const form = await getForm(
|
|
1163
|
+
popupWindow.document,
|
|
1164
|
+
this.config,
|
|
1165
|
+
discoveredAuthority,
|
|
1166
|
+
request,
|
|
1167
|
+
this.logger,
|
|
1168
|
+
this.performanceClient
|
|
1169
|
+
);
|
|
1170
|
+
form.submit();
|
|
1171
|
+
return popupWindow;
|
|
1172
|
+
}
|
|
1173
|
+
|
|
1077
1174
|
protected async waitForPopupResponse(
|
|
1078
1175
|
request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
|
|
1079
1176
|
popupWindow: Window,
|
|
1080
1177
|
popupWindowParent: Window
|
|
1081
1178
|
): Promise<string> {
|
|
1179
|
+
/*
|
|
1180
|
+
* When a popup-relay page is configured the response is relayed back to
|
|
1181
|
+
* this frame by the relay page via postMessage, and the relay popup's
|
|
1182
|
+
* lifecycle (including the user dismissing it before signing in) must be
|
|
1183
|
+
* tracked here. This takes precedence over the default bridge response
|
|
1184
|
+
* hook, whose BroadcastChannel cannot reach a partitioned cross-site
|
|
1185
|
+
* frame and which does not track the relay popup.
|
|
1186
|
+
*/
|
|
1187
|
+
if (this.config.auth.popupRelayUri) {
|
|
1188
|
+
return PopupRelay.waitForPopupRelayResponse(
|
|
1189
|
+
this.config.system.popupBridgeTimeout,
|
|
1190
|
+
this.logger,
|
|
1191
|
+
request,
|
|
1192
|
+
popupWindow,
|
|
1193
|
+
this.performanceClient
|
|
1194
|
+
);
|
|
1195
|
+
}
|
|
1082
1196
|
if (this.waitForPopupResponseHook) {
|
|
1083
1197
|
return this.waitForPopupResponseHook(
|
|
1084
1198
|
request,
|
package/src/packageMetadata.ts
CHANGED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* postMessage envelope type used to relay an auth response from a popup-relay
|
|
8
|
+
* page (see `runPopupRelay`) back to the embedded frame that opened it. See
|
|
9
|
+
* {@link BrowserAuthOptions.popupRelayUri}.
|
|
10
|
+
*
|
|
11
|
+
* Kept dependency-free so both the relay-page entry (`./index.js`) and the
|
|
12
|
+
* client-side helpers (`./relayClient.js`) can import it without either bundle
|
|
13
|
+
* pulling in the other's dependencies.
|
|
14
|
+
*
|
|
15
|
+
* @internal
|
|
16
|
+
*/
|
|
17
|
+
export const POPUP_RELAY_RESPONSE_TYPE = "msal:popup-relay-response:v1";
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import { POPUP_RELAY_RESPONSE_TYPE } from "./constants.js";
|
|
7
|
+
import {
|
|
8
|
+
BrowserAuthErrorCodes,
|
|
9
|
+
createBrowserAuthError,
|
|
10
|
+
} from "../error/BrowserAuthError.js";
|
|
11
|
+
import { createForm } from "../protocol/Authorize.js";
|
|
12
|
+
import { PopupWindowAttributes } from "../request/PopupWindowAttributes.js";
|
|
13
|
+
|
|
14
|
+
/** Options for {@link runPopupRelay}. */
|
|
15
|
+
export type PopupRelayOptions = {
|
|
16
|
+
/**
|
|
17
|
+
* Sizing/positioning for the IdP child popup the relay page opens. Same
|
|
18
|
+
* shape as `PopupRequest.popupWindowAttributes` (`popupSize` with width and
|
|
19
|
+
* height, `popupPosition` with top and left). Defaults to a 520x640 window.
|
|
20
|
+
*/
|
|
21
|
+
popupWindowAttributes?: PopupWindowAttributes;
|
|
22
|
+
/**
|
|
23
|
+
* How long (ms) to wait for the IdP child popup to deliver a response
|
|
24
|
+
* before giving up. Defaults to 300000 (5 minutes).
|
|
25
|
+
*/
|
|
26
|
+
timeoutMs?: number;
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
type PopupRelayRequest = { id: string } & (
|
|
30
|
+
| { method: "GET"; url: string }
|
|
31
|
+
| { method: "POST"; action: string; fields: Record<string, string> }
|
|
32
|
+
);
|
|
33
|
+
|
|
34
|
+
const DEFAULT_POPUP_RELAY_TIMEOUT_MS = 300000;
|
|
35
|
+
const DEFAULT_POPUP_RELAY_WIDTH = 520;
|
|
36
|
+
const DEFAULT_POPUP_RELAY_HEIGHT = 640;
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Builds the `window.open` features string for the IdP child popup from a
|
|
40
|
+
* {@link PopupWindowAttributes}, mirroring the shape used by
|
|
41
|
+
* `PopupRequest.popupWindowAttributes`.
|
|
42
|
+
*/
|
|
43
|
+
function buildChildPopupFeatures(attributes?: PopupWindowAttributes): string {
|
|
44
|
+
const width = attributes?.popupSize?.width || DEFAULT_POPUP_RELAY_WIDTH;
|
|
45
|
+
const height = attributes?.popupSize?.height || DEFAULT_POPUP_RELAY_HEIGHT;
|
|
46
|
+
const features = [`width=${width}`, `height=${height}`];
|
|
47
|
+
if (attributes?.popupPosition?.top !== undefined) {
|
|
48
|
+
features.push(`top=${attributes.popupPosition.top}`);
|
|
49
|
+
}
|
|
50
|
+
if (attributes?.popupPosition?.left !== undefined) {
|
|
51
|
+
features.push(`left=${attributes.popupPosition.left}`);
|
|
52
|
+
}
|
|
53
|
+
features.push("scrollbars=yes");
|
|
54
|
+
return features.join(",");
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
/**
|
|
58
|
+
* Entry point for the top-level "popup-relay" page referenced by
|
|
59
|
+
* `auth.popupRelayUri`. Call this from the relay page (which MSAL opens as a
|
|
60
|
+
* top-level popup from inside an embedded, cross-origin iframe). It:
|
|
61
|
+
*
|
|
62
|
+
* 1. Reads the IdP navigation MSAL passed in this page's hash (a GET URL, or a
|
|
63
|
+
* POST form for the form_post / EAR response modes), then scrubs the hash.
|
|
64
|
+
* 2. Opens the IdP child popup and performs that navigation (the relay page
|
|
65
|
+
* stays put, so its `window.opener` link back to the embedded frame
|
|
66
|
+
* survives COOP).
|
|
67
|
+
* 3. Waits for the child's redirect URI page (which must run the redirect
|
|
68
|
+
* bridge, `broadcastResponseToMainFrame`) to broadcast the raw auth
|
|
69
|
+
* response over a same-origin `BroadcastChannel`.
|
|
70
|
+
* 4. Relays that raw response back to the embedded frame via
|
|
71
|
+
* `opener.postMessage`, posting only to its own (same) origin, then closes.
|
|
72
|
+
*
|
|
73
|
+
* The embedded frame keeps the PKCE verifier (and EAR private key) and exchanges
|
|
74
|
+
* the relayed response itself — no token, verifier, or private key ever crosses
|
|
75
|
+
* a window boundary.
|
|
76
|
+
*
|
|
77
|
+
* Note: the child popup is opened when this function runs, so call it from a
|
|
78
|
+
* user gesture (e.g. a "Continue" button click) to avoid popup blockers.
|
|
79
|
+
*
|
|
80
|
+
* @param options - {@link PopupRelayOptions}
|
|
81
|
+
*/
|
|
82
|
+
export function runPopupRelay(options?: PopupRelayOptions): void {
|
|
83
|
+
const opener = window.opener as Window | null;
|
|
84
|
+
const targetOrigin = window.location.origin;
|
|
85
|
+
|
|
86
|
+
const hashParams = new URLSearchParams(
|
|
87
|
+
window.location.hash.replace(/^#/, "")
|
|
88
|
+
);
|
|
89
|
+
const rawReq = hashParams.get("req") || "";
|
|
90
|
+
|
|
91
|
+
// Scrub the relayed request out of the relay page's own URL immediately.
|
|
92
|
+
if (typeof window.history.replaceState === "function") {
|
|
93
|
+
window.history.replaceState(
|
|
94
|
+
null,
|
|
95
|
+
"",
|
|
96
|
+
window.location.origin + window.location.pathname
|
|
97
|
+
);
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
if (!opener) {
|
|
101
|
+
throw createBrowserAuthError(
|
|
102
|
+
BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
|
|
103
|
+
"",
|
|
104
|
+
"popup_relay_no_opener"
|
|
105
|
+
);
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
let request: PopupRelayRequest;
|
|
109
|
+
try {
|
|
110
|
+
request = JSON.parse(rawReq) as PopupRelayRequest;
|
|
111
|
+
} catch (e) {
|
|
112
|
+
throw createBrowserAuthError(
|
|
113
|
+
BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
|
|
114
|
+
"",
|
|
115
|
+
"popup_relay_bad_request"
|
|
116
|
+
);
|
|
117
|
+
}
|
|
118
|
+
if (!request || !request.id) {
|
|
119
|
+
throw createBrowserAuthError(
|
|
120
|
+
BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
|
|
121
|
+
"",
|
|
122
|
+
"popup_relay_bad_request"
|
|
123
|
+
);
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
const id = request.id;
|
|
127
|
+
const channel = new BroadcastChannel(id);
|
|
128
|
+
let settled = false;
|
|
129
|
+
/*
|
|
130
|
+
* Timer handles are kept on a const holder so relay() (declared before the
|
|
131
|
+
* timers are created) can clear them — `let` handles trip prefer-const, and
|
|
132
|
+
* `const` handles can't be referenced before assignment (TDZ).
|
|
133
|
+
*/
|
|
134
|
+
const timers: {
|
|
135
|
+
closedPoll?: number;
|
|
136
|
+
timeoutId?: number;
|
|
137
|
+
} = {};
|
|
138
|
+
|
|
139
|
+
const relay = (message: { payload?: string; error?: string }): void => {
|
|
140
|
+
if (settled) {
|
|
141
|
+
return;
|
|
142
|
+
}
|
|
143
|
+
settled = true;
|
|
144
|
+
try {
|
|
145
|
+
channel.close();
|
|
146
|
+
} catch (e) {
|
|
147
|
+
/* ignore */
|
|
148
|
+
}
|
|
149
|
+
clearInterval(timers.closedPoll);
|
|
150
|
+
clearTimeout(timers.timeoutId);
|
|
151
|
+
opener.postMessage(
|
|
152
|
+
{ type: POPUP_RELAY_RESPONSE_TYPE, id, ...message },
|
|
153
|
+
targetOrigin
|
|
154
|
+
);
|
|
155
|
+
setTimeout(() => {
|
|
156
|
+
try {
|
|
157
|
+
window.close();
|
|
158
|
+
} catch (e) {
|
|
159
|
+
/* ignore */
|
|
160
|
+
}
|
|
161
|
+
}, 0);
|
|
162
|
+
};
|
|
163
|
+
|
|
164
|
+
// The redirect bridge broadcasts the raw auth response payload here.
|
|
165
|
+
channel.onmessage = (event: MessageEvent): void => {
|
|
166
|
+
const payload = event.data && event.data.payload;
|
|
167
|
+
if (payload) {
|
|
168
|
+
relay({ payload });
|
|
169
|
+
}
|
|
170
|
+
};
|
|
171
|
+
|
|
172
|
+
const features = buildChildPopupFeatures(options?.popupWindowAttributes);
|
|
173
|
+
const childPopup =
|
|
174
|
+
request.method === "POST"
|
|
175
|
+
? window.open("about:blank", "msalPopupRelayChild", features)
|
|
176
|
+
: window.open(request.url, "msalPopupRelayChild", features);
|
|
177
|
+
|
|
178
|
+
if (!childPopup) {
|
|
179
|
+
relay({ error: BrowserAuthErrorCodes.popupWindowError });
|
|
180
|
+
return;
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
if (request.method === "POST") {
|
|
184
|
+
createForm(
|
|
185
|
+
childPopup.document,
|
|
186
|
+
request.action,
|
|
187
|
+
request.fields
|
|
188
|
+
).submit();
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
timers.closedPoll = window.setInterval(() => {
|
|
192
|
+
if (childPopup.closed && !settled) {
|
|
193
|
+
/*
|
|
194
|
+
* The popup is gone, so the overall timeout no longer applies —
|
|
195
|
+
* drop it and report cancellation. A successful sign-in settles
|
|
196
|
+
* first: the redirect bridge broadcasts the response before it
|
|
197
|
+
* closes the popup, so onmessage runs on the
|
|
198
|
+
* next event-loop turn, well before this 500ms poll observes the
|
|
199
|
+
* close — the `!settled` guard then skips cancellation.
|
|
200
|
+
*/
|
|
201
|
+
clearTimeout(timers.timeoutId);
|
|
202
|
+
relay({ error: BrowserAuthErrorCodes.userCancelled });
|
|
203
|
+
}
|
|
204
|
+
}, 500);
|
|
205
|
+
|
|
206
|
+
timers.timeoutId = window.setTimeout(() => {
|
|
207
|
+
if (!settled) {
|
|
208
|
+
/*
|
|
209
|
+
* Stop the close poll before we close the popup ourselves, so it
|
|
210
|
+
* can't observe the close and report user_cancelled instead.
|
|
211
|
+
*/
|
|
212
|
+
clearInterval(timers.closedPoll);
|
|
213
|
+
try {
|
|
214
|
+
childPopup.close();
|
|
215
|
+
} catch (e) {
|
|
216
|
+
/* ignore */
|
|
217
|
+
}
|
|
218
|
+
relay({ error: BrowserAuthErrorCodes.timedOut });
|
|
219
|
+
}
|
|
220
|
+
}, options?.timeoutMs || DEFAULT_POPUP_RELAY_TIMEOUT_MS);
|
|
221
|
+
}
|
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import {
|
|
7
|
+
IPerformanceClient,
|
|
8
|
+
Logger,
|
|
9
|
+
ProtocolUtils,
|
|
10
|
+
} from "@azure/msal-common/browser";
|
|
11
|
+
import { base64Decode } from "../encode/Base64Decode.js";
|
|
12
|
+
import {
|
|
13
|
+
BrowserAuthErrorCodes,
|
|
14
|
+
createBrowserAuthError,
|
|
15
|
+
} from "../error/BrowserAuthError.js";
|
|
16
|
+
import { redirectBridgeEmptyResponse } from "../error/BrowserAuthErrorCodes.js";
|
|
17
|
+
import type { WaitForBridgeRequest } from "../utils/BrowserUtils.js";
|
|
18
|
+
import { POPUP_RELAY_RESPONSE_TYPE } from "./constants.js";
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* The navigation the popup-relay page should perform in its IdP child popup:
|
|
22
|
+
* either a GET navigation to a URL, or a POST form submission (used by the
|
|
23
|
+
* form_post and EAR response modes).
|
|
24
|
+
*
|
|
25
|
+
* @internal
|
|
26
|
+
*/
|
|
27
|
+
export type PopupRelayAction =
|
|
28
|
+
| { method: "GET"; url: string }
|
|
29
|
+
| { method: "POST"; action: string; fields: Record<string, string> };
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Builds the URL of the popup-relay page to open. The action the relay page
|
|
33
|
+
* must perform (GET navigation or POST form) is carried in the page's hash
|
|
34
|
+
* (client-side only, never sent to a server), keyed by the per-request
|
|
35
|
+
* library-state `id` so the relay page can listen on the right BroadcastChannel
|
|
36
|
+
* and echo the id back. The relay URI is resolved against the app origin, so it
|
|
37
|
+
* must be same-origin as the embedded frame. See `runPopupRelay`.
|
|
38
|
+
*
|
|
39
|
+
* @internal
|
|
40
|
+
*/
|
|
41
|
+
export function buildPopupRelayUrl(
|
|
42
|
+
popupRelayUri: string,
|
|
43
|
+
id: string,
|
|
44
|
+
action: PopupRelayAction,
|
|
45
|
+
correlationId: string
|
|
46
|
+
): string {
|
|
47
|
+
const req = { id, ...action };
|
|
48
|
+
const target = new URL(popupRelayUri, window.location.origin);
|
|
49
|
+
/*
|
|
50
|
+
* The relay page must be same-origin as the embedded frame: the response is
|
|
51
|
+
* relayed back via postMessage and only accepted from this origin, and a
|
|
52
|
+
* cross-origin page would also receive the relayed /authorize request. Fail
|
|
53
|
+
* fast with a clear error instead of silently relaying to (and timing out
|
|
54
|
+
* against) the wrong origin.
|
|
55
|
+
*/
|
|
56
|
+
if (target.origin !== window.location.origin) {
|
|
57
|
+
throw createBrowserAuthError(
|
|
58
|
+
BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
|
|
59
|
+
correlationId,
|
|
60
|
+
"popup_relay_cross_origin"
|
|
61
|
+
);
|
|
62
|
+
}
|
|
63
|
+
const hashParams = new URLSearchParams();
|
|
64
|
+
hashParams.set("req", JSON.stringify(req));
|
|
65
|
+
target.hash = hashParams.toString();
|
|
66
|
+
return target.toString();
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
/**
|
|
70
|
+
* Waits for the popup-relay page to relay the raw auth response back to the
|
|
71
|
+
* embedded frame via postMessage. Used in place of `waitForBridgeResponse`
|
|
72
|
+
* when `auth.popupRelayUri` is configured, because third-party storage
|
|
73
|
+
* partitioning blocks the BroadcastChannel the redirect bridge uses from
|
|
74
|
+
* reaching the embedded frame.
|
|
75
|
+
*
|
|
76
|
+
* The response is accepted only from the popup window we opened, on our own
|
|
77
|
+
* origin (the relay page is same-origin as the embedded frame), and only when
|
|
78
|
+
* it carries the matching per-request library-state id.
|
|
79
|
+
*
|
|
80
|
+
* @internal
|
|
81
|
+
*/
|
|
82
|
+
export async function waitForPopupRelayResponse(
|
|
83
|
+
timeoutMs: number,
|
|
84
|
+
logger: Logger,
|
|
85
|
+
request: WaitForBridgeRequest,
|
|
86
|
+
popupWindow: Window,
|
|
87
|
+
performanceClient: IPerformanceClient
|
|
88
|
+
): Promise<string> {
|
|
89
|
+
return new Promise<string>((resolve, reject) => {
|
|
90
|
+
const correlationId = request.correlationId;
|
|
91
|
+
logger.verbose(
|
|
92
|
+
"PopupRelay.waitForPopupRelayResponse - started",
|
|
93
|
+
correlationId
|
|
94
|
+
);
|
|
95
|
+
performanceClient.addFields(
|
|
96
|
+
{ redirectBridgeTimeoutMs: timeoutMs },
|
|
97
|
+
correlationId
|
|
98
|
+
);
|
|
99
|
+
|
|
100
|
+
const { libraryState } = ProtocolUtils.parseRequestState(
|
|
101
|
+
base64Decode,
|
|
102
|
+
request.state || "",
|
|
103
|
+
correlationId
|
|
104
|
+
);
|
|
105
|
+
const expectedId = libraryState.id;
|
|
106
|
+
const expectedOrigin = window.location.origin;
|
|
107
|
+
let settled = false;
|
|
108
|
+
|
|
109
|
+
const cleanup = (): void => {
|
|
110
|
+
window.removeEventListener("message", onMessage);
|
|
111
|
+
clearTimeout(timeoutId);
|
|
112
|
+
clearInterval(closedPoll);
|
|
113
|
+
};
|
|
114
|
+
|
|
115
|
+
const onMessage = (event: MessageEvent): void => {
|
|
116
|
+
if (
|
|
117
|
+
event.origin !== expectedOrigin ||
|
|
118
|
+
event.source !== popupWindow
|
|
119
|
+
) {
|
|
120
|
+
return;
|
|
121
|
+
}
|
|
122
|
+
const data = event.data;
|
|
123
|
+
if (
|
|
124
|
+
!data ||
|
|
125
|
+
data.type !== POPUP_RELAY_RESPONSE_TYPE ||
|
|
126
|
+
data.id !== expectedId
|
|
127
|
+
) {
|
|
128
|
+
return;
|
|
129
|
+
}
|
|
130
|
+
if (settled) {
|
|
131
|
+
return;
|
|
132
|
+
}
|
|
133
|
+
settled = true;
|
|
134
|
+
cleanup();
|
|
135
|
+
if (data.error) {
|
|
136
|
+
reject(createBrowserAuthError(data.error, correlationId));
|
|
137
|
+
} else if (data.payload) {
|
|
138
|
+
resolve(data.payload);
|
|
139
|
+
} else {
|
|
140
|
+
reject(
|
|
141
|
+
createBrowserAuthError(
|
|
142
|
+
redirectBridgeEmptyResponse,
|
|
143
|
+
correlationId
|
|
144
|
+
)
|
|
145
|
+
);
|
|
146
|
+
}
|
|
147
|
+
};
|
|
148
|
+
window.addEventListener("message", onMessage);
|
|
149
|
+
|
|
150
|
+
const timeoutId = window.setTimeout(() => {
|
|
151
|
+
if (settled) {
|
|
152
|
+
return;
|
|
153
|
+
}
|
|
154
|
+
settled = true;
|
|
155
|
+
cleanup();
|
|
156
|
+
reject(
|
|
157
|
+
createBrowserAuthError(
|
|
158
|
+
BrowserAuthErrorCodes.timedOut,
|
|
159
|
+
correlationId,
|
|
160
|
+
"popup_relay_timeout"
|
|
161
|
+
)
|
|
162
|
+
);
|
|
163
|
+
}, timeoutMs);
|
|
164
|
+
|
|
165
|
+
const closedPoll = window.setInterval(() => {
|
|
166
|
+
if (popupWindow.closed && !settled) {
|
|
167
|
+
settled = true;
|
|
168
|
+
cleanup();
|
|
169
|
+
reject(
|
|
170
|
+
createBrowserAuthError(
|
|
171
|
+
BrowserAuthErrorCodes.userCancelled,
|
|
172
|
+
correlationId
|
|
173
|
+
)
|
|
174
|
+
);
|
|
175
|
+
}
|
|
176
|
+
}, 500);
|
|
177
|
+
});
|
|
178
|
+
}
|